GopherProxy

	quark-noroot-20191003-3c7049e.diff - sites - public wiki contents of suckless.o…
	git clone git://git.suckless.org/sites
	Log
	Files
	Refs
	---
	quark-noroot-20191003-3c7049e.diff (5193B)
	---
	1 From d91f68b56a4fd673786e9e4df0088642f3b186ff Mon Sep 17 00:00:00 2001
	2 From: codesoap <[email protected]>
	3 Date: Thu, 3 Oct 2019 17:00:49 +0200
	4 Subject: [PATCH] patch: noroot
	5
	6 Don't require or allow root to run quark.
	7 ---
	8 main.c \| 50 ++------------------------------------------------
	9 quark.1 \| 13 +------------
	10 sock.c \| 7 +------
	11 sock.h \| 2 +-
	12 4 files changed, 5 insertions(+), 67 deletions(-)
	13
	14 diff --git a/main.c b/main.c
	15 index c1ff489..583e343 100644
	16 --- a/main.c
	17 +++ b/main.c
	18 @@ -1,9 +1,7 @@
	19 /* See LICENSE file for copyright and license details. */
	20 #include <errno.h>
	21 -#include <grp.h>
	22 #include <limits.h>
	23 #include <netinet/in.h>
	24 -#include <pwd.h>
	25 #include <regex.h>
	26 #include <signal.h>
	27 #include <sys/resource.h>
	28 @@ -163,7 +161,7 @@ err:
	29 static void
	30 usage(void)
	31 {
	32 - const char *opts = "[-u user] [-g group] [-n num] [-d dir] [-l]…
	33 + const char *opts = "[-n num] [-d dir] [-l] "
	34 "[-i file] [-v vhost] ... [-m map] ...";
	35
	36 die("usage: %s -h host -p port %s\n"
	37 @@ -174,8 +172,6 @@ usage(void)
	38 int
	39 main(int argc, char *argv[])
	40 {
	41 - struct group *grp = NULL;
	42 - struct passwd *pwd = NULL;
	43 struct rlimit rlim;
	44 struct sockaddr_storage in_sa;
	45 pid_t cpid, wpid, spid;
	46 @@ -188,8 +184,6 @@ main(int argc, char *argv[])
	47 /* defaults */
	48 int maxnprocs = 512;
	49 char *servedir = ".";
	50 - char *user = "nobody";
	51 - char *group = "nogroup";
	52
	53 s.host = s.port = NULL;
	54 s.vhost = NULL;
	55 @@ -202,9 +196,6 @@ main(int argc, char *argv[])
	56 case 'd':
	57 servedir = EARGF(usage());
	58 break;
	59 - case 'g':
	60 - group = EARGF(usage());
	61 - break;
	62 case 'h':
	63 s.host = EARGF(usage());
	64 break;
	65 @@ -241,9 +232,6 @@ main(int argc, char *argv[])
	66 case 'U':
	67 udsname = EARGF(usage());
	68 break;
	69 - case 'u':
	70 - user = EARGF(usage());
	71 - break;
	72 case 'v':
	73 if (spacetok(EARGF(usage()), tok, 4) \|\| !tok[0] \|\| !tok…
	74 !tok[2]) {
	75 @@ -291,25 +279,13 @@ main(int argc, char *argv[])
	76 die("setrlimit RLIMIT_NPROC:");
	77 }
	78
	79 - /* validate user and group */
	80 - errno = 0;
	81 - if (user && !(pwd = getpwnam(user))) {
	82 - die("getpwnam '%s': %s", user, errno ? strerror(errno) :
	83 - "Entry not found");
	84 - }
	85 - errno = 0;
	86 - if (group && !(grp = getgrnam(group))) {
	87 - die("getgrnam '%s': %s", group, errno ? strerror(errno)…
	88 - "Entry not found");
	89 - }
	90 -
	91 /* Open a new process group */
	92 setpgid(0,0);
	93
	94 handlesignals(sigcleanup);
	95
	96 /* bind socket */
	97 - insock = udsname ? sock_get_uds(udsname, pwd->pw_uid, grp->gr_g…
	98 + insock = udsname ? sock_get_uds(udsname) :
	99 sock_get_ips(s.host, s.port);
	100
	101 switch (cpid = fork()) {
	102 @@ -329,24 +305,9 @@ main(int argc, char *argv[])
	103 eunveil(servedir, "r");
	104 eunveil(NULL, NULL);
	105
	106 - /* chroot */
	107 if (chdir(servedir) < 0) {
	108 die("chdir '%s':", servedir);
	109 }
	110 - if (chroot(".") < 0) {
	111 - die("chroot .:");
	112 - }
	113 -
	114 - /* drop root */
	115 - if (grp && setgroups(1, &(grp->gr_gid)) < 0) {
	116 - die("setgroups:");
	117 - }
	118 - if (grp && setgid(grp->gr_gid) < 0) {
	119 - die("setgid:");
	120 - }
	121 - if (pwd && setuid(pwd->pw_uid) < 0) {
	122 - die("setuid:");
	123 - }
	124
	125 if (udsname) {
	126 epledge("stdio rpath proc unix", NULL);
	127 @@ -354,13 +315,6 @@ main(int argc, char *argv[])
	128 epledge("stdio rpath proc inet", NULL);
	129 }
	130
	131 - if (getuid() == 0) {
	132 - die("Won't run as root user", argv0);
	133 - }
	134 - if (getgid() == 0) {
	135 - die("Won't run as root group", argv0);
	136 - }
	137 -
	138 /* accept incoming connections */
	139 while (1) {
	140 in_sa_len = sizeof(in_sa);
	141 diff --git a/quark.1 b/quark.1
	142 index ce315b5..e45140c 100644
	143 --- a/quark.1
	144 +++ b/quark.1
	145 @@ -35,13 +35,8 @@ is a simple HTTP GET/HEAD-only web server for static …
	146 .It Fl d Ar dir
	147 Serve
	148 .Ar dir
	149 -after chrooting into it.
	150 +after changing into it.
	151 The default is ".".
	152 -.It Fl g Ar group
	153 -Set group ID when dropping privileges, and in socket mode the group of …
	154 -socket file, to the ID of
	155 -.Ar group .
	156 -The default is "nogroup".
	157 .It Fl h Ar host
	158 Use
	159 .Ar host
	160 @@ -86,12 +81,6 @@ redirects on non-standard ports.
	161 Create the UNIX-domain socket
	162 .Ar file ,
	163 listen on it for incoming connections and remove it on exit.
	164 -.It Fl u Ar user
	165 -Set user ID when dropping privileges,
	166 -and in socket mode the user of the socket file,
	167 -to the ID of
	168 -.Ar user .
	169 -The default is "nobody".
	170 .It Fl v Ar vhost
	171 Add the virtual host specified by
	172 .Ar vhost ,
	173 diff --git a/sock.c b/sock.c
	174 index 7000738..31960c5 100644
	175 --- a/sock.c
	176 +++ b/sock.c
	177 @@ -68,7 +68,7 @@ sock_rem_uds(const char *udsname)
	178 }
	179
	180 int
	181 -sock_get_uds(const char *udsname, uid_t uid, gid_t gid)
	182 +sock_get_uds(const char *udsname)
	183 {
	184 struct sockaddr_un addr = {
	185 .sun_family = AF_UNIX,
	186 @@ -99,11 +99,6 @@ sock_get_uds(const char *udsname, uid_t uid, gid_t gi…
	187 die("chmod:");
	188 }
	189
	190 - if (chown(udsname, uid, gid) < 0) {
	191 - sock_rem_uds(udsname);
	192 - die("chown:");
	193 - }
	194 -
	195 return insock;
	196 }
	197
	198 diff --git a/sock.h b/sock.h
	199 index a39aec9..4f790f6 100644
	200 --- a/sock.h
	201 +++ b/sock.h
	202 @@ -8,7 +8,7 @@
	203
	204 int sock_get_ips(const char , const char );
	205 void sock_rem_uds(const char *);
	206 -int sock_get_uds(const char *, uid_t, gid_t);
	207 +int sock_get_uds(const char *);
	208 int sock_set_timeout(int, int);
	209 int sock_get_inaddr_str(struct sockaddr_storage , char , size_t);
	210
	211 --
	212 2.21.0
	213